Monitoring and Logging: That’s Right, We’re Watching You

Logging and monitoring provides an indication of what unauthorized security-related activities have been attempted or performed on a company’s network or systems, and helps determine what requires follow-up investigation and/or remediation. But to what extent can this process be automated, and when is human analysis required? And when does necessary monitoring become invasive spying? This session will consider the privacy aspects of monitoring and logging – particularly on BYOD – and how to get the most out of this practice.

The threat of ransomware is very real. Studies have found that it has hit one in three companies. And crypto-ransomware like Cryptolocker and Cryptowall are the scourge of the web – and with new and ever-more sophisticated variants springing up rapidly this year, have become the tool of choice for online blackmail and extortion by cybercriminals.

The threat of ransomware escalates as its quality improves and becomes ever more difficult to detect, potentially lying dormant on your systems, waiting to strike.

Security teams, therefore, need to be awake to the threats of extortionate malware.

Join us for this webinar, where a panel of experts will explore the threat of ransomware and answer your questions. Participate in the discussion as the panel discusses:

• What varieties of ransomware are being used today?
• What is crypto-ransomware and how does it work?
• How does it get onto your systems, your network?
• What can you do to protect your organization?

All workplaces share the same security threat: the well-meaning but careless employee who may be more focused on productivity than protecting the company’s sensitive or confidential information. Often, without thinking of the potential consequences, they leave confidential documents in plain view, share passwords, circumvent security procedures and transfer sensitive data to the public cloud without company approval – ultimately costing much more to your organization’s bottom line than the employee hoped to save in time. IT professionals agree that more security incidents are caused by negligence than malicious acts.

In this webinar, Dr Larry Ponemon of the Ponemon Institute and Michael Crouse, Director of Insider Threat Strategies, Raytheon | Websense, will discuss findings of the 2015 survey The Unintentional Insider Risk in the United States and German Organizations.

Topics for discussion include:
*How much unintentional security incidents are costing your organization
*Which employees are most likely to cause an unintentional insider breach
*What you can do about it

Today's attackers employ a variety of deception tactics allowing them to impersonate legitimate users and bypass existing IT security defences.

Web applications are often compromised in order to host malware or be turned into a phishing site. Users who visit these sites then become infected or have their credentials stolen, giving attackers access to your network. Once inside, attackers become insiders. They use stealthy techniques to move around the network, looking for targets, while remaining undetected for months.

In this webinar we will examine:
· Common tactics used by today’s attackers to target users and web assets;
· How attackers impersonate legitimate users to become “insiders”;
· Best practices for preventing, detecting and containing these threats.

In 2015 one third* of the global workforce – 1.3 billion people - will work remotely
Cost reductions and efficiency drives are the order of the day for all businesses but how can your firm carry this out without impacting employee productivity or compromising your data security? This webinar will look at how remote working, BYOD and implementing workspace solutions can help you achieve your efficiency goals without sacrificing data protection.

By attending the webinar you will:
•Discover how BYOD and workspace technology go hand-in-hand to save money
•Understand the role remote working and BYOD play in achieving in-house efficiencies
•Appreciate how workspace devices simultaneously improve employee productivity and keep confidential data secure
•Learn how to balance workforce mobility, productivity and security in a busy working environment

The rise of cloud applications in the workplace is driving the need for companies to extend existing security policies to all devices and manage access to cloud applications.

At the same time, more employees are using personally-owned devices to access, process and store corporate data.

And the ease of deploying cloud applications has increased the incidence of employees using unauthorised applications to process corporate data.

This webinar will discuss:
- the increased adoption of cloud applications;
- the need to deliver solutions with detailed analytics around cloud application usage;
- how to provide robust security solutions;
- and how to protect against web-borne threats.

The job of the infosec professional is becoming ever-more complicated. The effectiveness of legacy methods, tools and attitudes is diminishing, while the sophistication of attackers is on the rise. The problem for security professionals is a complex one – they need to update systems and processes to suit the new threat landscape, while trying to keep up with the threat of specialized and well-resourced cybercrime.

For a long time security pros have been bombarded with a simple message: It’s not if but when. CISOs need to accept that breaches are, more or less, inevitable. But how does security actually need to adapt to meet the new challenges this situation brings? Join our panel of experts for this webinar to find out. Topics to be discussed include:

As the subject of information security works its way into the boardroom, the importance of creating a company-wide information security culture is increasingly understood. Staff engagement at every level is required in order for the culture to be truly present and effective. This session will look at what it takes to make each and every user part of the organization’s information security defense, and what training and approaches can be adopted to change the company’s culture.

As organizations turn to the cloud to improve efficiency and reduce costs, information security professionals struggle to gain assurance that their organization’s data is secure. As sensitivity to privacy heightens following revelations about government surveillance, companies can’t afford to risk their critical information assets. The increased scrutiny has placed pressure on cloud providers to provide assurance around their ability to protect data. This session advises information security professionals about the questions they should be asking in order to find privacy and trust in the cloud.

Organizations are increasingly finding themselves the target of cyber-attack, with each breach of network infrastructure increasing the likelihood that vital corporate data could be stolen. Developing a stance of readiness against attacks that seek to steal information is therefore essential.

The range of security technologies available all claim to offer a solution to different problems – but which do you need to prioritize in order to give you a solid security foundation? How does the move the cloud affect companies’ data-loss prevention planning?

Ensuring that cybersecurity is high up the company agenda is also crucial – as is a managed approach to patching and vulnerability scanning.
Security is always a balancing act – requiring that you make the right decisions from the range of options available to you to suit your organization’s needs. To discuss how companies can achieve this, a panel of experts on this webinar will discuss:

•Research-based intelligence that sets out the state of the problem
•The tools, technologies and practices that contribute to a solid security program
•Security’s status within an organization’s hierarchy

Although third-party suppliers bring many benefits, the reality is that their systems, data management and even employee training standards may be vastly different to that of the organization receiving the services. Many organizations fail to consider whether their suppliers take the same attitude to cyber-attacks and hacking risks as they do. This session considers the questions that organizations should be asking their suppliers, and where liability lies in the event of a security incident.

Logging and monitoring provides an indication of what unauthorized security-related activities have been attempted or performed on a company’s network or systems, and helps determine what requires follow-up investigation and/or remediation. But to what extent can this process be automated, and when is human analysis required? And when does necessary monitoring become invasive spying? This session will consider the privacy aspects of monitoring and logging – particularly on BYOD – and how to get the most out of this practice.

The term ‘advanced persistent threat’ has been used (and perhaps abused) by information security vendors and professionals for years, but has the information security industry reached an accurate consensus on what an APT actually is, and how to manage one? This session will look to define the term and questions whether APTs are overhyped, or indeed under-managed, and what information security professionals should be doing about them.

The ability to move files effectively and securely is integral for organizations, with everything from sensitive personal records to highly confidential financial documents at risk of compromise if insufficient care is taken to security and compliance.

There is a vast array of systems used within enterprises for transferring files, from email attachments to cloud applications and FTP servers. But in a borderless IT environment, where users often deploy unauthorized methods to access and transfer sensitive business data, the pitfalls are many.

With significant financial repercussions facing organizations who fail to safeguard data, ensuring compliance and best practice in this area is key. This webinar will examine the essential considerations around file transfer and deliver best practice advice on how to implement the right technology for your organization.

Every month, our Patch webinar gives listeners a chance to stay up to date with the latest security updates and patches, and to look deeper at some of the issues around patch management.

In each webinar, we start with a look at Microsoft's Patch Tuesday releases and round up the main security updates and patches from other software and operating systems vendors. We then look at the key "out of band" patches, and our expert panel will discuss these and developing issues in the field of security updates and patching.

And, in each session, we will conclude with audience questions: your chance to quiz our experts on the best ways to keep your infrastructure secure.

The evolution of big data is in high gear. It is an exciting time for marketers, scientists, analysts and others looking for competitive advantages and new discoveries by examining their data sources in new and unique ways. Organisations are only just embracing the advantages that big data can bring to their business.
However, with few native security controls built into big data platforms, maintaining the confidentiality of an enterprise’s data becomes a significant challenge. Unfortunately, for big data environments the traditional ‘bolt-on’ security measures are not able to properly protect these architecturally different deployment models.

This webinar will help viewers to

1. Understand how global organisations are using NoSQL technologies like Apache Cassandra™ to increase competitive advantage

2. Have learned why traditional security solutions are unable to protect these environments

3. Discover how to mitigate risks of storing large volumes of intellectual property in a centralised NoSQL repository while adhering to compliance mandates

4. Understand how encryption in a NoSQL environment ingesting extremely large datasets in real-time can be transparently deployed without having to modify applications or re-architect the storage infrastructure

Certificates are a key part of the digital transaction value chain, and a key way both to secure transactions, and to establish trust.

But all browser providers are end of life-ing a set of certificates used to encrypt transactions between consumers and websites. Google, for example, has advised that Chrome will gradually sunset SHA-1 cryptography, which is used in the signing process of SSL certificates, so businesses supporting Chrome will need to upgrade.

Join us on this webinar to:

- learn about the background of SHA-1 certificates going end of life;
- understand the potential impact on business, including the potential negative effects on consumer trust and their willingness to complete transactions;
- understand how to prepare for a move to SHA-2, including key dates and possible technical challenges;
- learn how to manage any potential disruption and compliance issues, and how to manage the transition to new certificates

The tools and techniques of advanced persistent threat (APT) actors are constantly evolving, putting pressure on organizations to regularly review and enhance their security posture and defense readiness.

Organizations can take a range of approaches to improve the way they detect, respond to and contain advanced attacks. Key to the way they organize their defenses and incident response plans is intelligence gleaned from analysts and research reports.

This webinar will call on a range of industry experts to deliver their findings and best practice advice on the issue of incident response. FireEye will be presenting on the key insights drawn from its M-Trends 2015 report, compiled from hundreds of incident response investigations.

Topics for discussion include:

• The length of time typically have access to victims’ environments
• Third party compromises – how many companies are affected and how to detect
• The complexity of attribution as the lines blur between tactics used by cyber-criminals and nation-state actors
• The stealthy new tactics cyber-criminals deploy in order to move laterally and maintain persistence in victim environments.

Every month, our Patch webinar gives listeners a chance to stay up to date with the latest security updates and patches, and to look deeper at some of the issues around patch management.

In each webinar, we start with a look at Microsoft's Patch Tuesday releases and round up the main security updates and patches from other software and operating systems vendors. We then look at the key "out of band" patches, and our expert panel will discuss these and developing issues in the field of security updates and patching.

Superfish and other certificate installers, What is the threat and what is the scope of the problem?

And, in each session, we will conclude with audience questions: your chance to quiz our experts on the best ways to keep your infrastructure secure.

Don’t let your security programme fall behind. In a world where executives are asking more questions about security and high-profile breaches and critical vulnerabilities are reported in prime time, rigid policy frameworks and traditionally slow (but cautious) decision making are no longer sufficient.

Security departments in organisations of all sizes and across all industries must ensure that business critical assets are protected, compliance and regulatory requirements are met, and rapidly changing business goals are supported.

In this webinar we will discuss:

• The current state of the art for security programmes
• How to work with your organisation to ensure that security becomes a business enabler
• How to build a supportive security programme within an ever-evolving threat landscape

Infosecurity Magazine webinars are dedicated to bringing together the best in information security strategy, technology & insight. Each webinar includes high level industry speakers and analysts and provides relevant information and advice which our viewers can take away and implement in the workplace or to further personal development. For every session attended viewers can earn CPE credits towards CISSPs, SSCPs and ISACA accreditations.